FEAT #13667 TIME 1:35 Authentication locked and suspended informations

8fce75c5 · Damien · 27740669 · 8fce75c5 · 8fce75c5 · 8fce75c5
Verified Commit 8fce75c5 authored 5 years ago by Damien
--- a/src/core/controllers/AuthenticationController.php
+++ b/src/core/controllers/AuthenticationController.php
@@ -38,13 +38,13 @@ class AuthenticationController
    public function getInformations(Request $request, Response $response)
    {
-//        $path = CoreConfigModel::getConfigPath();
+        $path = CoreConfigModel::getConfigPath();
-//        $hashedPath = md5($path);
+        $hashedPath = md5($path);
        $appName = CoreConfigModel::getApplicationName();
        $parameter = ParameterModel::getById(['id' => 'loginpage_message', 'select' => ['param_value_string']]);
-        return $response->withJson(['instanceId' => null, 'applicationName' => $appName, 'loginMessage' => $parameter['param_value_string'] ?? null]);
+        return $response->withJson(['instanceId' => $hashedPath, 'applicationName' => $appName, 'loginMessage' => $parameter['param_value_string'] ?? null]);
    }
    public static function authentication($authorizationHeaders = [])
@@ -129,39 +129,37 @@ class AuthenticationController
        return ['isRouteAvailable' => true];
    }
-    public static function handleFailedAuthentication(array $aArgs)
+    public static function handleFailedAuthentication(array $args)
    {
-        ValidatorModel::notEmpty($aArgs, ['userId']);
+        ValidatorModel::notEmpty($args, ['userId']);
-        ValidatorModel::stringType($aArgs, ['userId']);
+        ValidatorModel::intVal($args, ['userId']);
        $passwordRules = PasswordModel::getEnabledRules();
        if (!empty($passwordRules['lockAttempts'])) {
-            $user = UserModel::getByLowerLogin(['select' => ['failed_authentication', 'locked_until'], 'login' => $aArgs['userId']]);
+            $user = UserModel::getById(['select' => ['failed_authentication', 'locked_until'], 'id' => $args['userId']]);
+            if (!empty($user['locked_until'])) {
-            if (!empty($user)) {
+                return ['accountLocked' => true, 'lockedDate' => $user['locked_until']];
-                if (!empty($user['locked_until'])) {
+            }
-                    $lockedDate = new \DateTime($user['locked_until']);
-                    $currentDate = new \DateTime();
-                    if ($currentDate > $lockedDate) {
-                        AuthenticationModel::resetFailedAuthentication(['userId' => $aArgs['userId']]);
-                        $user['failed_authentication'] = 0;
-                    } else {
-                        return _ACCOUNT_LOCKED_UNTIL . " {$lockedDate->format('d/m/Y H:i')}";
-                    }
-                }
-                AuthenticationModel::increaseFailedAuthentication(['userId' => $aArgs['userId'], 'tentatives' => $user['failed_authentication'] + 1]);
+            UserModel::update([
+                'set'       => ['failed_authentication' => $user['failed_authentication'] + 1],
+                'where'     => ['id = ?'],
+                'data'      => [$args['userId']]
+            ]);
-                if (!empty($user['failed_authentication']) && ($user['failed_authentication'] + 1) >= $passwordRules['lockAttempts'] && !empty($passwordRules['lockTime'])) {
+            if (!empty($user['failed_authentication']) && ($user['failed_authentication'] + 1) >= $passwordRules['lockAttempts'] && !empty($passwordRules['lockTime'])) {
-                    $lockedUntil = time() + 60 * $passwordRules['lockTime'];
+                $lockedUntil = time() + 60 * $passwordRules['lockTime'];
-                    AuthenticationModel::lockUser(['userId' => $aArgs['userId'], 'lockedUntil' => $lockedUntil]);
+                UserModel::update([
-                    return _ACCOUNT_LOCKED_FOR . " {$passwordRules['lockTime']} mn";
+                    'set'   => ['locked_until'  => date('Y-m-d H:i:s', $lockedUntil)],
-                }
+                    'where'     => ['id = ?'],
+                    'data'      => [$args['userId']]
+                ]);
+                return ['accountLocked' => true];
            }
        }
-        return _BAD_LOGIN_OR_PSW;
+        return true;
    }
    public function authenticate(Request $request, Response $response)
@@ -177,7 +175,18 @@ class AuthenticationController
        $login = strtolower($body['login']);
        $authenticated = AuthenticationModel::authentication(['login' => $login, 'password' => $body['password']]);
        if (empty($authenticated)) {
-            return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
+            $user = UserModel::getByLogin(['login' => $login, 'select' => ['id', 'status']]);
+            if (empty($user)) {
+                return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
+            } elseif ($user['status'] == 'SPD') {
+                return $response->withStatus(401)->withJson(['errors' => 'Account Suspended']);
+            } else {
+                $handle = AuthenticationController::handleFailedAuthentication(['userId' => $user['id']]);
+                if (!empty($handle['accountLocked'])) {
+                    return $response->withStatus(401)->withJson(['errors' => 'Account Locked', 'date' => $handle['lockedDate'] ?? null]);
+                }
+                return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
+            }
        }
        $user = UserModel::getByLogin(['login' => $login, 'select' => ['id', 'loginmode', 'refresh_token', 'user_id']]);
@@ -204,10 +213,11 @@ class AuthenticationController
        $refreshToken = AuthenticationController::getRefreshJWT();
        $user['refresh_token'][] = $refreshToken;
        UserModel::update([
-            'set'   => ['reset_token' => null, 'refresh_token' => json_encode($user['refresh_token'])],
+            'set'   => ['reset_token' => null, 'refresh_token' => json_encode($user['refresh_token']), 'failed_authentication' => 0, 'locked_until' => null],
            'where' => ['id = ?'],
            'data'  => [$user['id']]
        ]);
        $response = $response->withHeader('Token', AuthenticationController::getJWT());
        $response = $response->withHeader('Refresh-Token', $refreshToken);

--- a/src/core/models/AuthenticationModel.php
+++ b/src/core/models/AuthenticationModel.php
@@ -39,59 +39,6 @@ class AuthenticationModel
        return password_verify($args['password'], $aReturn[0]['password']);
    }
-    public static function resetFailedAuthentication(array $aArgs)
-    {
-        ValidatorModel::notEmpty($aArgs, ['userId']);
-        ValidatorModel::stringType($aArgs, ['userId']);
-        DatabaseModel::update([
-            'table'     => 'users',
-            'set'       => [
-                'failed_authentication' => 0,
-                'locked_until'          => null,
-            ],
-            'where'     => ['lower(user_id) = lower(?)'],
-            'data'      => [$aArgs['userId']]
-        ]);
-        return true;
-    }
-    public static function increaseFailedAuthentication(array $aArgs)
-    {
-        ValidatorModel::notEmpty($aArgs, ['userId', 'tentatives']);
-        ValidatorModel::stringType($aArgs, ['userId']);
-        ValidatorModel::intVal($aArgs, ['tentatives']);
-        DatabaseModel::update([
-            'table'     => 'users',
-            'set'       => [
-                'failed_authentication' => $aArgs['tentatives']
-            ],
-            'where'     => ['lower(user_id) = lower(?)'],
-            'data'      => [$aArgs['userId']]
-        ]);
-        return true;
-    }
-    public static function lockUser(array $aArgs)
-    {
-        ValidatorModel::notEmpty($aArgs, ['userId', 'lockedUntil']);
-        ValidatorModel::stringType($aArgs, ['userId']);
-        DatabaseModel::update([
-            'table' => 'users',
-            'set'   => [
-                'locked_until'  => date('Y-m-d H:i:s', $aArgs['lockedUntil'])
-            ],
-            'where' => ['lower(user_id) = lower(?)'],
-            'data'  => [$aArgs['userId']]
-        ]);
-        return true;
-    }
    public static function generatePassword()
    {

--- a/src/core/models/CoreConfigModel.php
+++ b/src/core/models/CoreConfigModel.php
@@ -58,6 +58,18 @@ class CoreConfigModel
        return $customId;
    }
+    public static function getConfigPath()
+    {
+        $customId = CoreConfigModel::getCustomId();
+        if (!empty($customId) && is_file("custom/{$customId}/apps/maarch_entreprise/xml/config.xml")) {
+            $path = "custom/{$customId}/apps/maarch_entreprise/xml/config.xml";
+        } else {
+            $path = 'apps/maarch_entreprise/xml/config.xml';
+        }
+        return $path;
+    }
    public static function getApplicationName()
    {
        static $applicationName;
@@ -225,7 +237,7 @@ class CoreConfigModel
        $customId = CoreConfigModel::getCustomId();
-        if (file_exists("custom/{$customId}/{$args['path']}")) {
+        if (is_file("custom/{$customId}/{$args['path']}")) {
            $path = "custom/{$customId}/{$args['path']}";
        } else {
            $path = $args['path'];

--- a/test/unitTests/core/AuthenticationControllerTest.php
+++ b/test/unitTests/core/AuthenticationControllerTest.php
@@ -113,17 +113,27 @@ class AuthenticationControllerTest extends TestCase
            $fullRequest = \httpRequestCustom::addContentInBody(['rules' => $rules], $request);
            $passwordController->updateRules($fullRequest, new \Slim\Http\Response());
-            $response = \SrcCore\models\AuthenticationModel::resetFailedAuthentication(['userId' => 'superadmin']);
+            \User\models\UserModel::update([
-            $this->assertSame(true, $response);
+                'set'   => ['failed_authentication' => 0, 'locked_until' => null],
+                'where' => ['user_id = ?'],
+                'data'  => ['superadmin']
+            ]);
            for ($i = 1; $i < $lockAttempts; $i++) {
-                $response = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => 'superadmin']);
+                $response = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => $GLOBALS['id']]);
-                $this->assertSame(_BAD_LOGIN_OR_PSW, $response);
+                $this->assertSame(true, $response);
            }
-            $response = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => 'superadmin']);
+            $response = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => $GLOBALS['id']]);
-            $this->assertSame(_ACCOUNT_LOCKED_FOR . " " . $lockTime . " mn", $response);
+            $this->assertSame(true, $response['accountLocked']);
+            $response = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => $GLOBALS['id']]);
-            $response = \SrcCore\models\AuthenticationModel::resetFailedAuthentication(['userId' => 'superadmin']);
+            $this->assertSame(true, $response['accountLocked']);
+            $this->assertNotNull($response['lockedDate']);
+            \User\models\UserModel::update([
+                'set'   => ['failed_authentication' => 0, 'locked_until' => null],
+                'where' => ['user_id = ?'],
+                'data'  => ['superadmin']
+            ]);
        }
    }
 }